It is very common to isolate some special services into virtual private networks of some kind and provide only limited connectivity to these services from the outer world. Can this be done on a single box? Not without tricks 😉 .

Let’s face the following scenario. Autonomous systems A (blue on the right) and B (green on the left) decide to share services via a dedicated high-speed/low-latency/super-duper link (see green link on the picture below). They form a “servers VPN” which guarantees superb connectivity between servers A and B. But, what if the big green link fails? Read the rest of this entry »